another question
David Brumley
dbrumley at rtfm.stanford.edu
Fri Aug 4 16:11:32 EDT 2000
Since I'm revamping how our logging system works, I've been taking another
look at argus options, particularly -d and -D.
Using argus-1.8.1, if I simply count the number of flows, I get:
root at rtfm# ./ra -r /log1/argus.000805 not man | wc -l
1536
However, the debug records show:
Fri 08/04 13:07:21 man pkts 1 drops 0 flows 1533
CLO
I was wondering why these two numbers don't match?
Also, it seems inconsistent to reset the packet count for each man record,
but not the flow count. Perhaps resetting the flow count also is
appropriate?
Oh, and while I remember it, one more feature I'd like added to argus is
it writing out the PID of the process to stdout. It makes killing,
restarting, etc. easier :)
signed,
david
#+--+#+--+#+--+#+--+#+--+#+--+#+--+#+--+#+--+#+--+#+--+#+--+#+--+#+--+#
David Brumley - Stanford Computer Security - dbrumley at Stanford.EDU
Phone: +1-650-723-2445 WWW: http://www.stanford.edu/~dbrumley
Fax: +1-650-725-9121 PGP: finger dbrumley-pgp at sunset.Stanford.EDU
#+--+#+--+#+--+#+--+#+--+#+--+#+--+#+--+#+--+#+--+#+--+#+--+#+--+#+--+#
c:\winnt> secure_nt.exe
Securing NT. Insert Linux boot disk to continue......